5e3857ffaf9338385b1757c5d68a82a5f869b5e319aa826150f768f4e3514fc1

Analysis

max time kernel
145s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c6eb6524d61bcb97f2c035fcb0be720_JaffaCakes118.html
Size

104KB
MD5

2c6eb6524d61bcb97f2c035fcb0be720
SHA1

45c965a653acc2dd47b559fb487b13eb4caa23b2
SHA256

5e3857ffaf9338385b1757c5d68a82a5f869b5e319aa826150f768f4e3514fc1
SHA512

0cf69d5be85b1d55c8ed8359479b66cf7060c37eae05bce0557606eba46816e45e641bddcbe354181524b3ec023667f228304d69b6111dc49cf961599ac90f5e
SSDEEP

768:wuDChpHfu4WLGAWwgs7K45D1BvG9BWQuDChpHfu4WLGAWwgs7K45D1BvG9BVACum:jiicr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
1612	msedge.exe
1612	msedge.exe
1320	identity_helper.exe
1320	identity_helper.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1720	1612	msedge.exe	82
PID 1612 wrote to memory of 1720	1612	msedge.exe	82
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5008	1612	msedge.exe	85
PID 1612 wrote to memory of 5084	1612	msedge.exe	86
PID 1612 wrote to memory of 5084	1612	msedge.exe	86
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87
PID 1612 wrote to memory of 1436	1612	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c6eb6524d61bcb97f2c035fcb0be720_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5f546f8,0x7ffee5f54708,0x7ffee5f54718
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17324891826619591987,534218505031644014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9508d3ca9f0cfd0203706ea5ce185f54

SHA1
36b5ac5a803e7f1b78b6c018d5e57ad0bf868079

SHA256
3c6ae2a26e54712d825795b1fe6189e2ebeca0e812adb7a56657f7a5d2ece324

SHA512
3ab5bb19b391a9c096759c0a6f6ab510b31d9e2d19017c9516e09d48232aa0e34ef7691384d63445e0299fe0de126a89f001fb761bad21ab7ec41f0922d931e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45baf35fb8c4688706b70df6cc738808

SHA1
d052c7c2386bac9d5b1f6e659022fe1918389608

SHA256
713a9f2ff7961e01116680c8ef48d33c009ebf8fb74df2beb04510a29dc7f8f6

SHA512
db6e76209bf675eb916b40a77ed1c024e4193539fad7eb8e6085343fd10318c1c12f8daa0e4d9affa5bc10669eb8cd818904acba50f87f6b7c35447c0b72c406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3ad6b20a81ff4f3795dd6f4c36c12aa

SHA1
c80aa89a2e09f20cab88e53d1e3ce551d42bdf1f

SHA256
a88a2d6ad4819746b8c1e3f557c83141964d5f2de4aa3c697652ae99e33c6495

SHA512
0394d4d5bbcca1ce56ab46cdf24dddd307b1f7fd3c18d873fb5b36d7843141e0bd71f5c492b2d86bea282c23198d7b47a21c9ccff4df1c130c6a5604b0856863

Download Submit